Add app groups identifier

[cyanzhong]

No description provided.

[Copilot]

Pull request overview

This PR updates the Xcode project/build configuration to support a local entitlements overlay (intended for adding an App Group entitlement without committing it), and adds a small URL helper for resolving the App Group container URL. It also bumps LastUpgradeVersion metadata in several shared schemes.

Changes:

• Add ENTITLEMENTS_VARIANT-based entitlements file selection via Build.xcconfig, plus ignore *.local.entitlements.
• Add a “Check Entitlements Drift” shell script build phase for app + preview extension entitlements.
• Add URL.securityAppGroupURL convenience for the MarkEdit App Group container URL; update Xcode scheme upgrade versions.

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
MarkEditMac/Modules/.swiftpm/xcode/xcshareddata/xcschemes/FontPicker.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEditMac/Modules/.swiftpm/xcode/xcshareddata/xcschemes/AppKitExtensions.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEditMac/Modules/.swiftpm/xcode/xcshareddata/xcschemes/AppKitControls.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEditKit/.swiftpm/xcode/xcshareddata/xcschemes/MarkEditKit.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEditCore/Sources/Extensions/URL+Extension.swift	Add App Group container URL helper.
MarkEditCore/.swiftpm/xcode/xcshareddata/xcschemes/MarkEditCore.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/xcshareddata/xcschemes/PreviewExtension.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/xcshareddata/xcschemes/MarkEditMac.xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/xcshareddata/xcschemes/MarkEditMac (zh-Hant).xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/xcshareddata/xcschemes/MarkEditMac (zh-Hans).xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/xcshareddata/xcschemes/MarkEditMac (screenshots).xcscheme	Bump scheme LastUpgradeVersion metadata.
MarkEdit.xcodeproj/project.pbxproj	Add entitlements drift-check build phases; route entitlements paths through xcconfig variables; bump LastUpgradeCheck; add REGISTER_APP_GROUPS build setting passthrough.
Build.xcconfig	Introduce entitlements-variant variables and REGISTER_APP_GROUPS default; include optional Local.xcconfig.
.gitignore	Ignore *.local.entitlements overlays.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 13 out of 14 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (4)

MarkEdit.xcodeproj/project.pbxproj:1183

• REGISTER_APP_GROUPS is assigned to "$(REGISTER_APP_GROUPS)", which is a self-referential build setting expansion and can trigger “recursive variable reference” warnings or resolve to an empty value. If you want to inherit the value from Build.xcconfig/Local.xcconfig, use $(inherited) (or remove the override entirely).

				REGISTER_APP_GROUPS = "$(REGISTER_APP_GROUPS)";

MarkEdit.xcodeproj/project.pbxproj:1304

• REGISTER_APP_GROUPS is assigned to "$(REGISTER_APP_GROUPS)", which is a self-referential build setting expansion and can trigger “recursive variable reference” warnings or resolve to an empty value. If you want to inherit the value from Build.xcconfig/Local.xcconfig, use $(inherited) (or remove the override entirely).

				REGISTER_APP_GROUPS = "$(REGISTER_APP_GROUPS)";

MarkEdit.xcodeproj/project.pbxproj:1335

• REGISTER_APP_GROUPS is assigned to "$(REGISTER_APP_GROUPS)", which is a self-referential build setting expansion and can trigger “recursive variable reference” warnings or resolve to an empty value. If you want to inherit the value from Build.xcconfig/Local.xcconfig, use $(inherited) (or remove the override entirely).

				REGISTER_APP_GROUPS = "$(REGISTER_APP_GROUPS)";

MarkEdit.xcodeproj/project.pbxproj:829

• This build phase declares the local entitlements file as an input (so it becomes $SCRIPT_INPUT_FILE_1), but the script ignores it and recomputes the path from $SCRIPT_INPUT_FILE_0. Using $SCRIPT_INPUT_FILE_1 directly avoids ordering/renaming footguns and keeps the declared inputs and the script behavior in sync (important with user script sandboxing enabled).

			shellScript = "set -euo pipefail\nbase=\"$SCRIPT_INPUT_FILE_0\"\nlocal_file=\"${base%.entitlements}.local.entitlements\"\n[ -f \"$local_file\" ] || exit 0\npython3 - \"$base\" \"$local_file\" <<'EOF'\nimport plistlib, sys\nbase_path, local_path = sys.argv[1], sys.argv[2]\nbase = plistlib.load(open(base_path, \"rb\"))\nlocal = plistlib.load(open(local_path, \"rb\"))\n# Keys allowed to exist only in the local overlay.\nallowed_extras = {\"com.apple.security.application-groups\"}\nerrors = []\nfor k, v in base.items():\n  if k not in local:\n    errors.append(f\"missing key in local: {k}\")\n  elif local[k] != v:\n    errors.append(f\"value differs for {k}: base={v!r} local={local[k]!r}\")\nfor k in local:\n  if k not in base and k not in allowed_extras:\n    errors.append(f\"unexpected key in local (not in base, not allow-listed): {k}\")\nfor e in errors:\n  print(f\"{local_path}:1: error: {e}\")\nsys.exit(1 if errors else 0)\nEOF\n";